To Build Trust – Secure Student Data
While privacy has received a lot of attention during the past year or so, there can be no doubt that the first step to ensuring privacy is to secure data. This includes data on devices, stored somewhere on the school network or in the cloud, whether managed by the school or by a service provider. “Trusted Learning Environment” is a popular new term and if we are going to achieve that we have to get serious about data security.
The unwelcome truth is that security is about control. Control of where data is stored. Control of applications used to process data. Control of who has access to the data. How long the data is kept. How it is destroyed (deleted). And the list goes on. If you want to create a trusted digital learning environment by ensuring privacy through security and other privacy practices you cannot have an ‘anything goes’ approach to IT.
This can create tension between the school district’s information technology professionals and educators, including education technology specialists. It is ironic because educators should be just as concerned about protecting the privacy (and security) of student data as their counterparts in human resources and finance are of personnel and financial records. Unfortunately though, they too often see it as an attempt to limit academic freedom by IT staffers who know little about what goes on in a classroom.
We have all seen, maybe even experienced, the problems that occur when IT and education in a district can’t see eye-to-eye. Not only is it not productive, but it is not in the best interest of students and district stakeholders. Privacy and security are simply too important for everyone to not be on the same page.
In a recently published analyst report I describe in practical terms what school leaders need to do to ensure data security. The report, titled Data Security: The First Step to Protect Student Privacy can be found at http://www.k12blueprint.com/security. In short though, I like to think in terms of 4 big challenges: (1) Data Breach, (2) Data Leak, (3) Data “Fumble,” and (4) “Being Human.” Data Breaches most commonly occur when someone hacks a server. They intentionally break through security in an attempt to steal or expose data. Data Leaks happen in a couple of different ways. One way is via malicious software that somehow finds its way onto a computer. The software renders the server unsecure and can even transfer data from the server to other places. Another type of data leak is due to sloppy program design or coding. A Data Fumble can range from losing a laptop computer with an unsecured hard drive to accidentally emailing sensitive data to the wrong person. Don’t laugh, it happens.
“Being Human” is the most understandable and the most preventable of data security challenges. I would venture to bet that anyone reading this (as well as the writer, yours truly) has practices that are not exactly good when it comes to data security. Maybe you have a username and password written on a sticky note on your desk. Maybe you store very sensitive data on your computer in files that are not password protected. Maybe you send sensitive information as email attachments. We have to be much more careful.
Protecting confidential and sensitive student data must be a priority for everyone in the school district. Not only is it the law, but it is the responsibility of the adults in whom parents entrust their children. And ensuring data security is the best first step to ensuing student privacy.
Bob Moore has enjoyed a career of 26 years in education technology. His work has included more than two decades as a CIO in K12 schools and several years as lead strategist for a multi-billion dollar global ed-tech business, as well many years of active leadership in organizations such as CoSN. In 2012 Bob founded RJM Strategies LLC and works with schools and ed-tech business clients as a strategist, advisor and subject matter expert. His life’s work is grounded in his tenacious commitment to vision, innovation, integrity and practicality. Follow Bob on Twitter @BobMEdTech. See Bob's Profile and Connect on LinkedIn at http://www.linkedin.com/pub/bob-moore/0/ba4/675/